ROBOT: Cloud InSecurity Engineered By Design – GOTCHA!

Image: 123RF

On Friday the 19^th, as global outage struck CrowdStrike customers, ‘outrage’ of a Russian American’s prison sentence struck US.  

Co-founders George Kurtz and CTO Dmitri Alperovitch, here’s an idea! Swap Alperovitch, reported to be Russian expatriate, for the other Russian American. Ruskies, one hack for another?

President Vladimir Putin, is BBC correct in reporting that you ‘hinted at a possible exchange’?

Odd that a journalist of a Capitalist Journal would go to a Communist country. Looking to sell subscriptions to a Commi? 🙂

Why not, Cloud Service providers are selling their ‘services’ to US Intel and Security Agencies at a bargain price. Heard “CloudFlare Lands $7.2M Project from CISA for Registry, DNS Services.”  

Of course, like any profitable business, best to play both sides in this game of ‘cat and mouse.’ “CloudFlare CEO blasts Anonymous claims of ISIS terrorist support.”

Says the CEO, “Even if we were hosting sites for ISIS, it wouldn’t be of any use to us.” What of US State Dept? Hmm, would sites from Iran be useful to Israel to deter attacks?

Then again, as Arik Hesseldahl points out about the web securitystart-up, “For every attack that’s launched against a Cloudflare customer, the system gets stronger and better able to apply what is learned across its network for the benefit of everyone else.” Sure, happy to ‘take one for the team’!

Prince Charming, let me sweeten the ‘honey pot.’ Black Hats and White Hats are welcomed! State and non-State Actors.

Outage on 19th of July brings to mind buyout on the 19^th of September 2023, eighteen days before October 7^th Strike on Israel.

CrowdStrike acquired Israel’s cyber startup Bionic. Unfortunately, CrowdStrike was unable to do for the battle on the ground what it claimed to do for the cloud.

“The cloud is cybersecurity’s new battleground… We are delivering what customers need: modern protection to address cloud security risk comprehensively, through one unified platform,” said George Kurtz. But you’re not delivering. Could problem be the ‘one unified platform”?

Tell us George, with the recent acquisition of yet another Israel start-up, Flow Security, and OUTAGE on Friday, how is CrowdStrike “redefining the future of data protection by securing data from code, to application, to device and cloud”?

Microsoft’s Brad Smith (BS) finds ‘risk in one, risk in multiple.’ Why not the ‘more the merrier’? Overkill. No matter how many, all one needs is a single weak spot.  

Look BS, truth of the matter is the PC is INsecure by design. No matter the power of an AI supercomputer, PCs by default and design are INSECURE as the NETWORK they connect- NET or CYBERSPACE. Right, customers needing to compete will risk an outage or hack for speed. And as recent events have shown, risk an outbreak for profit margins.

Microsoft in China? BS, protecting American IP while ‘learning’ what world is up to? No need to go to North Korea, Russia, or Iran? Guess China really is the bio and tech hub of the world. Reminds me of a Biotech Researcher who went to Wuhan. Sadly, on his return, a viral infiltration spread worldwide. And whala, US got a vac for that! 🙂

BS, is it correct that at the start of US officially declaring an epidemic in March 2020, Microsoft Teams usage in Italy was already at an 775% increase on account of COVID-19 pandemic? Appears Chinese workforce in Italy had an impact as I previously noted. Yet, unlike Microsoft, no reason for me to be in China to learn this.

Brad, now that YOU are back from China addressing Cyber Security Failures at Microsoft, where’s your app? Didn’t meet PRC security customs?  Politicians are correct, China doesn’t sue, it arrests. Unfortunately, Politicians can’t do either because they are your customers, not the other way around.  Here’s an idea for app – USERGUARD. Right, similar to ‘ElectionGuard.’

BS, appears this ‘forever war in cyberspace’ has replaced forever wars on the ground. Yet, Rep. Eli Crane sees ‘attacks across the board.’

One month after your testimony on June 13^th on Cyber Security Failures at Microsoft, the former President of the US was shot reportedly due to Security Failures. Six days later, global outage struck services linked to CrowdStrike. Another Security Failure?  

FBI, hear you like cyber firms so much one of your agents now works for CrowdStrike. Or, is it the other way around? According to Security Week, Shawn Henry, a former FBI “top cyber cop…will join…as President of CrowdStrike Services.”

Funny, your background is NOT services or security. In fact, FBI Director Christopher Wray pointed out, “We’re the Federal Bureau of Investigation. Not Federal Bureau of Security.”

Of course, Chris did confirm that the FBI has ‘no interest’ in platforms and so “companies are free to…”  How convenient for those in ‘services’ AND its subscribers.

Recall report by The Register of Anonymous saying “it was “shameful” CloudFlare was “providing services to pro-Islamic State websites.” CEOs response:

“If the cops or Feds come to San Francisco-based CloudFlare about one of its customers…to take down a site, then the Silicon Valley upstart is happy to cooperate, Prince said.”

Appears in this game of ‘cops and robbers’ “Investigators want him to keep sites up rather than take them down.”

Shawn, looking back working at FBI, you speak of a reactionary bureau. “CrowdStrike provides me the opportunity…to get in FRONT of the problem rather than merely reacting to it.” But are you proactive? As chief security officer, will 2024 Global Threat Report include July 19^th Global Outage?

CIA, not joined the Crowd in the Cloud? Seems strange given that cyber firms have their tentacles in just about everything and everywhere. Take Russia, for example.

BBC reporting begs two questions: Why would the Ruskies accuse Evan of “working for the Central Intelligence Agency (CIA)…to collect “secret information”? So called ‘cybersecurity’ firms unable to collect and deliver Intel?

Alphabet agencies, if cyber firms have a ‘ton of customers’ how long before ransom threats are made for all that ton of data? Recall, what Security Week reported:

“The company isn’t well-known, but it’s been said that they are attempting to use Big-Data – as in data mining and aggregation – …and fend off attacks sourced from external threats and those on the inside.”  

CrowdStrike, you are said to thrive on ‘external threats.’ Did you overlook attack sourced from ‘those on the inside’? Utility as Communication and Transportation have been doing so for years.

Consumer ‘bundling’ strategy: Access data, disrupt the crowd and surveil for pricing.

Election and Foreign Interference 

RNC or DNC, sure you want to contract CrowdStrike for security against the Ruskies? I hear these guys got it doubly wrong – campaign and Ukraine. VOA Newsreports, “Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data.”  

“International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.”

Do you all remember when “Alperovitch told Inc. at the time that the attack was a signal to all businesses: Hackers and spies from Russia and other countries were breaching networks all over the U.S.”

However, Jeffrey Carr, a cyberwarfare consultant who has lectured at the U.S. Army War College, the Defense Intelligence Agency, and other government agencies” noted in a January post on LinkedIn, “CrowdStrike Needs To Address The Harm It Caused Ukraine.”

“The company found one piece of malware and one video, and from that flimsy evidence built an entire house of cards whose only purpose was to grab headlines and reinforce their DNC.”

Microsoft, funny I didn’t hear of LinkedIn having an outage. Appears it provides no ‘REAL’ service.

“To and From Russia With Love”

Here’s the irony and sad state of affairs in the cloud. As one cloudy claimed Russian foreign interference, another refused to get out of Russia. Reports Ars Technica “Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff.”

What say the CEO, Matthew Prince? “Our conclusion…is that Russia needs more Internet access, not less.” Or, is it the DHS who needs more access to Russia?

Prince, speaking of ‘more access’, after the outage on the 19^th I heard customers were outraged. Guess they’ll need to find out who ‘services’ airline, hospital, bank…and oh yes, even coffee shop BEFORE they pay for services and ‘security.’

Especially if neither customers nor clients are getting gift certificates. Reminds me of a ‘gift’ by Chevron.

Guess Data is the new Oil. But will you Datasaurs meet the same fate as Oiligarchs and Dinosaurs? 

CrowdStrike claims no ‘hacking’ going on. Really? As CloudFlare, did you acquire a web services company liken to ‘StopTheHacker’? Read in Biz Journals, “Fresh off IPO, this high-profile Bay Area cloud company just snapped up a browser isolation company”.

CrowdStrike, speaking of systems and services, hear your clients include Google and Amazon Web Services. Oops, Play Store closed. Bozo, imagine if those ‘prime’ orders got lost in the cloud! 🙂

Back to Russian Foreign Exchange. Mitya, what have you to say for yourself before sent back to the Gulag? “Assume they are inside your network,” Alperovitch said.

Tesla, here’s an idea. Scary pitch to sell car security to those on reservation list for ‘CyberBeast’!!!  “Assume they are inside your [Cyber Truck] network.”

Elon, is it correct you “deleted CrowdStrike from all our systems”? Hmm, thought more than one cloud service system was ‘OUT.’ Didn’t SpaceX contract CloudFlare in August of last year to ‘boost’ up Starlink?

Congrats! Hear you’ve been ‘cleared to return to flight’ and ready to launch Falcon 9. Just in time. As I noted last month, NASA may ask you to do a fly-by and pick up crew from Boeing-Lockheed Starliner unable to get back to earth. If not you, Russia’s Space Station Crew or China’s Humanoids? 🙂 

CrowdStrike, time to expose the real ‘hacker’! Department of Homeland Security (DHS), which ‘cloud’ got the most ‘valuable data’ – Crowd or Flare?    

Crowd, striked out!

Flare, GOTCHA!

Am I Human or a Robot 🙂